--- /dev/null
+From 274252862f386b7868f35bf5ceaa5391a8ccfdf3 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil.sutter@viprinet.com>
+Date: Wed, 16 Nov 2011 18:28:01 +0100
+Subject: crypto: mv_cesa - fix hashing of chunks > 1920 bytes
+
+From: Phil Sutter <phil.sutter@viprinet.com>
+
+commit 274252862f386b7868f35bf5ceaa5391a8ccfdf3 upstream.
+
+This was broken by commit 7759995c75ae0cbd4c861582908449f6b6208e7a (yes,
+myself). The basic problem here is since the digest state is only saved
+after the last chunk, the state array is only valid when handling the
+first chunk of the next buffer. Broken since linux-3.0.
+
+Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/crypto/mv_cesa.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/drivers/crypto/mv_cesa.c
++++ b/drivers/crypto/mv_cesa.c
+@@ -342,11 +342,13 @@ static void mv_process_hash_current(int
+ else
+ op.config |= CFG_MID_FRAG;
+
+- writel(req_ctx->state[0], cpg->reg + DIGEST_INITIAL_VAL_A);
+- writel(req_ctx->state[1], cpg->reg + DIGEST_INITIAL_VAL_B);
+- writel(req_ctx->state[2], cpg->reg + DIGEST_INITIAL_VAL_C);
+- writel(req_ctx->state[3], cpg->reg + DIGEST_INITIAL_VAL_D);
+- writel(req_ctx->state[4], cpg->reg + DIGEST_INITIAL_VAL_E);
++ if (first_block) {
++ writel(req_ctx->state[0], cpg->reg + DIGEST_INITIAL_VAL_A);
++ writel(req_ctx->state[1], cpg->reg + DIGEST_INITIAL_VAL_B);
++ writel(req_ctx->state[2], cpg->reg + DIGEST_INITIAL_VAL_C);
++ writel(req_ctx->state[3], cpg->reg + DIGEST_INITIAL_VAL_D);
++ writel(req_ctx->state[4], cpg->reg + DIGEST_INITIAL_VAL_E);
++ }
+ }
+
+ memcpy(cpg->sram + SRAM_CONFIG, &op, sizeof(struct sec_accel_config));
--- /dev/null
+From 04b38670cf46c096705f24e92a8747d1ab89e53c Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 16 Nov 2011 10:58:03 +0100
+Subject: drm/i915: Fix inconsistent backlight level during disabled
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 04b38670cf46c096705f24e92a8747d1ab89e53c upstream.
+
+When the brightness property is inquired while the backlight is disabled,
+the driver returns a wrong value (zero) because it probes the value after
+the backlight was turned off. This caused a black screen even after the
+backlight is enabled again. It should return the internal backlight_level
+instead, so that it won't be influenced by the backlight-enable state.
+
+BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=41926
+BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/872652
+
+Tested-by: Kamal Mostafa <kamal@canonical.com>
+Cc: Alex Davis <alex14641@yahoo.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/gpu/drm/i915/intel_panel.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/i915/intel_panel.c
++++ b/drivers/gpu/drm/i915/intel_panel.c
+@@ -326,7 +326,8 @@ static int intel_panel_update_status(str
+ static int intel_panel_get_brightness(struct backlight_device *bd)
+ {
+ struct drm_device *dev = bl_get_data(bd);
+- return intel_panel_get_backlight(dev);
++ struct drm_i915_private *dev_priv = dev->dev_private;
++ return dev_priv->backlight_level;
+ }
+
+ static const struct backlight_ops intel_panel_bl_ops = {
--- /dev/null
+From 775d17b6ca4357048f36c22151335addfe15db4b Mon Sep 17 00:00:00 2001
+From: Daniel Vetter <daniel.vetter@ffwll.ch>
+Date: Sun, 9 Oct 2011 21:52:01 +0200
+Subject: drm/i915: Ivybridge still has fences!
+
+From: Daniel Vetter <daniel.vetter@ffwll.ch>
+
+commit 775d17b6ca4357048f36c22151335addfe15db4b upstream.
+
+So don't forget to restore them on resume and dump them into
+the error state.
+
+Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/gpu/drm/i915/i915_irq.c | 1 +
+ drivers/gpu/drm/i915/i915_suspend.c | 2 ++
+ 2 files changed, 3 insertions(+)
+
+--- a/drivers/gpu/drm/i915/i915_irq.c
++++ b/drivers/gpu/drm/i915/i915_irq.c
+@@ -822,6 +822,7 @@ static void i915_gem_record_fences(struc
+
+ /* Fences */
+ switch (INTEL_INFO(dev)->gen) {
++ case 7:
+ case 6:
+ for (i = 0; i < 16; i++)
+ error->fence[i] = I915_READ64(FENCE_REG_SANDYBRIDGE_0 + (i * 8));
+--- a/drivers/gpu/drm/i915/i915_suspend.c
++++ b/drivers/gpu/drm/i915/i915_suspend.c
+@@ -370,6 +370,7 @@ static void i915_save_modeset_reg(struct
+
+ /* Fences */
+ switch (INTEL_INFO(dev)->gen) {
++ case 7:
+ case 6:
+ for (i = 0; i < 16; i++)
+ dev_priv->saveFENCE[i] = I915_READ64(FENCE_REG_SANDYBRIDGE_0 + (i * 8));
+@@ -404,6 +405,7 @@ static void i915_restore_modeset_reg(str
+
+ /* Fences */
+ switch (INTEL_INFO(dev)->gen) {
++ case 7:
+ case 6:
+ for (i = 0; i < 16; i++)
+ I915_WRITE64(FENCE_REG_SANDYBRIDGE_0 + (i * 8), dev_priv->saveFENCE[i]);
--- /dev/null
+From 406478dc911e16677fbd9c84d1d50cdffbc031ab Mon Sep 17 00:00:00 2001
+From: Eric Anholt <eric@anholt.net>
+Date: Mon, 7 Nov 2011 16:07:04 -0800
+Subject: drm/i915: Turn on a required 3D clock gating bit on Sandybridge.
+
+From: Eric Anholt <eric@anholt.net>
+
+commit 406478dc911e16677fbd9c84d1d50cdffbc031ab upstream.
+
+Fixes rendering failures in Unigine Tropics and Sanctuary and the mesa
+"fire" demo.
+
+Signed-off-by: Eric Anholt <eric@anholt.net>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/gpu/drm/i915/i915_reg.h | 3 +++
+ drivers/gpu/drm/i915/intel_display.c | 9 +++++++++
+ 2 files changed, 12 insertions(+)
+
+--- a/drivers/gpu/drm/i915/i915_reg.h
++++ b/drivers/gpu/drm/i915/i915_reg.h
+@@ -3401,6 +3401,9 @@
+ #define GT_FIFO_FREE_ENTRIES 0x120008
+ #define GT_FIFO_NUM_RESERVED_ENTRIES 20
+
++#define GEN6_UCGCTL2 0x9404
++# define GEN6_RCPBUNIT_CLOCK_GATE_DISABLE (1 << 12)
++
+ #define GEN6_RPNSWREQ 0xA008
+ #define GEN6_TURBO_DISABLE (1<<31)
+ #define GEN6_FREQUENCY(x) ((x)<<25)
+--- a/drivers/gpu/drm/i915/intel_display.c
++++ b/drivers/gpu/drm/i915/intel_display.c
+@@ -7882,6 +7882,15 @@ static void gen6_init_clock_gating(struc
+ I915_WRITE(WM2_LP_ILK, 0);
+ I915_WRITE(WM1_LP_ILK, 0);
+
++ /* According to the BSpec vol1g, bit 12 (RCPBUNIT) clock
++ * gating disable must be set. Failure to set it results in
++ * flickering pixels due to Z write ordering failures after
++ * some amount of runtime in the Mesa "fire" demo, and Unigine
++ * Sanctuary and Tropics, and apparently anything else with
++ * alpha test or pixel discard.
++ */
++ I915_WRITE(GEN6_UCGCTL2, GEN6_RCPBUNIT_CLOCK_GATE_DISABLE);
++
+ /*
+ * According to the spec the following bits should be
+ * set in order to enable memory self-refresh and fbc:
--- /dev/null
+From 9ca1d10d748e56964de95e3ed80211b192f56cf4 Mon Sep 17 00:00:00 2001
+From: Eric Anholt <eric@anholt.net>
+Date: Mon, 7 Nov 2011 16:07:05 -0800
+Subject: drm/i915: Turn on another required clock gating bit on gen6.
+
+From: Eric Anholt <eric@anholt.net>
+
+commit 9ca1d10d748e56964de95e3ed80211b192f56cf4 upstream.
+
+Unlike the previous one, I don't have known testcases it fixes. I'd
+rather not go through the same debug cycle on whatever testcases those
+might be.
+
+Signed-off-by: Eric Anholt <eric@anholt.net>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/gpu/drm/i915/i915_reg.h | 1 +
+ drivers/gpu/drm/i915/intel_display.c | 7 ++++++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/i915/i915_reg.h
++++ b/drivers/gpu/drm/i915/i915_reg.h
+@@ -3403,6 +3403,7 @@
+
+ #define GEN6_UCGCTL2 0x9404
+ # define GEN6_RCPBUNIT_CLOCK_GATE_DISABLE (1 << 12)
++# define GEN6_RCCUNIT_CLOCK_GATE_DISABLE (1 << 11)
+
+ #define GEN6_RPNSWREQ 0xA008
+ #define GEN6_TURBO_DISABLE (1<<31)
+--- a/drivers/gpu/drm/i915/intel_display.c
++++ b/drivers/gpu/drm/i915/intel_display.c
+@@ -7888,8 +7888,13 @@ static void gen6_init_clock_gating(struc
+ * some amount of runtime in the Mesa "fire" demo, and Unigine
+ * Sanctuary and Tropics, and apparently anything else with
+ * alpha test or pixel discard.
++ *
++ * According to the spec, bit 11 (RCCUNIT) must also be set,
++ * but we didn't debug actual testcases to find it out.
+ */
+- I915_WRITE(GEN6_UCGCTL2, GEN6_RCPBUNIT_CLOCK_GATE_DISABLE);
++ I915_WRITE(GEN6_UCGCTL2,
++ GEN6_RCPBUNIT_CLOCK_GATE_DISABLE |
++ GEN6_RCCUNIT_CLOCK_GATE_DISABLE);
+
+ /*
+ * According to the spec the following bits should be
--- /dev/null
+From a5cd335165e31db9dbab636fd29895d41da55dd2 Mon Sep 17 00:00:00 2001
+From: Xi Wang <xi.wang@gmail.com>
+Date: Wed, 23 Nov 2011 01:12:01 -0500
+Subject: drm: integer overflow in drm_mode_dirtyfb_ioctl()
+
+From: Xi Wang <xi.wang@gmail.com>
+
+commit a5cd335165e31db9dbab636fd29895d41da55dd2 upstream.
+
+There is a potential integer overflow in drm_mode_dirtyfb_ioctl()
+if userspace passes in a large num_clips. The call to kmalloc would
+allocate a small buffer, and the call to fb->funcs->dirty may result
+in a memory corruption.
+
+Reported-by: Haogang Chen <haogangchen@gmail.com>
+Signed-off-by: Xi Wang <xi.wang@gmail.com>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/gpu/drm/drm_crtc.c | 4 ++++
+ include/drm/drm_mode.h | 2 ++
+ 2 files changed, 6 insertions(+)
+
+--- a/drivers/gpu/drm/drm_crtc.c
++++ b/drivers/gpu/drm/drm_crtc.c
+@@ -1868,6 +1868,10 @@ int drm_mode_dirtyfb_ioctl(struct drm_de
+ }
+
+ if (num_clips && clips_ptr) {
++ if (num_clips < 0 || num_clips > DRM_MODE_FB_DIRTY_MAX_CLIPS) {
++ ret = -EINVAL;
++ goto out_err1;
++ }
+ clips = kzalloc(num_clips * sizeof(*clips), GFP_KERNEL);
+ if (!clips) {
+ ret = -ENOMEM;
+--- a/include/drm/drm_mode.h
++++ b/include/drm/drm_mode.h
+@@ -233,6 +233,8 @@ struct drm_mode_fb_cmd {
+ #define DRM_MODE_FB_DIRTY_ANNOTATE_FILL 0x02
+ #define DRM_MODE_FB_DIRTY_FLAGS 0x03
+
++#define DRM_MODE_FB_DIRTY_MAX_CLIPS 256
++
+ /*
+ * Mark a region of a framebuffer as dirty.
+ *
--- /dev/null
+From d724502a9d7a46f4a56a1663b1f50d2dc9d1ef40 Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Mon, 21 Nov 2011 12:10:14 -0500
+Subject: drm/radeon/kms: fix up gpio i2c mask bits for r4xx for real
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit d724502a9d7a46f4a56a1663b1f50d2dc9d1ef40 upstream.
+
+Fixes i2c test failures when i2c_algo_bit.bit_test=1.
+
+The hw doesn't actually require a mask, so just set it
+to the default mask bits for r1xx-r4xx radeon ddc.
+
+I missed this part the first time through.
+
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: Jean Delvare <khali@linux-fr.org>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/gpu/drm/radeon/radeon_atombios.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/drivers/gpu/drm/radeon/radeon_atombios.c
++++ b/drivers/gpu/drm/radeon/radeon_atombios.c
+@@ -169,6 +169,18 @@ void radeon_atombios_i2c_init(struct rad
+ gpio = &i2c_info->asGPIO_Info[i];
+ i2c.valid = false;
+
++ /* r4xx mask is technically not used by the hw, so patch in the legacy mask bits */
++ if ((rdev->family == CHIP_R420) ||
++ (rdev->family == CHIP_R423) ||
++ (rdev->family == CHIP_RV410)) {
++ if ((le16_to_cpu(gpio->usClkMaskRegisterIndex) == 0x0018) ||
++ (le16_to_cpu(gpio->usClkMaskRegisterIndex) == 0x0019) ||
++ (le16_to_cpu(gpio->usClkMaskRegisterIndex) == 0x001a)) {
++ gpio->ucClkMaskShift = 0x19;
++ gpio->ucDataMaskShift = 0x18;
++ }
++ }
++
+ /* some evergreen boards have bad data for this entry */
+ if (ASIC_IS_DCE4(rdev)) {
+ if ((i == 7) &&
--- /dev/null
+From 0f751e641a71157aa584c2a2e22fda52b52b8a56 Mon Sep 17 00:00:00 2001
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Wed, 23 Nov 2011 11:31:24 -0600
+Subject: eCryptfs: Extend array bounds for all filename chars
+
+From: Tyler Hicks <tyhicks@canonical.com>
+
+commit 0f751e641a71157aa584c2a2e22fda52b52b8a56 upstream.
+
+From mhalcrow's original commit message:
+
+ Characters with ASCII values greater than the size of
+ filename_rev_map[] are valid filename characters.
+ ecryptfs_decode_from_filename() will access kernel memory beyond
+ that array, and ecryptfs_parse_tag_70_packet() will then decrypt
+ those characters. The attacker, using the FNEK of the crafted file,
+ can then re-encrypt the characters to reveal the kernel memory past
+ the end of the filename_rev_map[] array. I expect low security
+ impact since this array is statically allocated in the text area,
+ and the amount of memory past the array that is accessible is
+ limited by the largest possible ASCII filename character.
+
+This patch solves the issue reported by mhalcrow but with an
+implementation suggested by Linus to simply extend the length of
+filename_rev_map[] to 256. Characters greater than 0x7A are mapped to
+0x00, which is how invalid characters less than 0x7A were previously
+being handled.
+
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Reported-by: Michael Halcrow <mhalcrow@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/ecryptfs/crypto.c
++++ b/fs/ecryptfs/crypto.c
+@@ -1945,7 +1945,7 @@ static unsigned char *portable_filename_
+
+ /* We could either offset on every reverse map or just pad some 0x00's
+ * at the front here */
+-static const unsigned char filename_rev_map[] = {
++static const unsigned char filename_rev_map[256] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */
+@@ -1961,7 +1961,7 @@ static const unsigned char filename_rev_
+ 0x00, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, /* 103 */
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, /* 111 */
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, /* 119 */
+- 0x3D, 0x3E, 0x3F
++ 0x3D, 0x3E, 0x3F /* 123 - 255 initialized to 0x00 */
+ };
+
+ /**
--- /dev/null
+From 32001d6fe9ac6b0423e674a3093aa56740849f3b Mon Sep 17 00:00:00 2001
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Mon, 21 Nov 2011 17:31:29 -0600
+Subject: eCryptfs: Flush file in vma close
+
+From: Tyler Hicks <tyhicks@canonical.com>
+
+commit 32001d6fe9ac6b0423e674a3093aa56740849f3b upstream.
+
+Dirty pages weren't being written back when an mmap'ed eCryptfs file was
+closed before the mapping was unmapped. Since f_ops->flush() is not
+called by the munmap() path, the lower file was simply being released.
+This patch flushes the eCryptfs file in the vm_ops->close() path.
+
+https://launchpad.net/bugs/870326
+
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/file.c | 23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+--- a/fs/ecryptfs/file.c
++++ b/fs/ecryptfs/file.c
+@@ -139,6 +139,27 @@ out:
+ return rc;
+ }
+
++static void ecryptfs_vma_close(struct vm_area_struct *vma)
++{
++ filemap_write_and_wait(vma->vm_file->f_mapping);
++}
++
++static const struct vm_operations_struct ecryptfs_file_vm_ops = {
++ .close = ecryptfs_vma_close,
++ .fault = filemap_fault,
++};
++
++static int ecryptfs_file_mmap(struct file *file, struct vm_area_struct *vma)
++{
++ int rc;
++
++ rc = generic_file_mmap(file, vma);
++ if (!rc)
++ vma->vm_ops = &ecryptfs_file_vm_ops;
++
++ return rc;
++}
++
+ struct kmem_cache *ecryptfs_file_info_cache;
+
+ /**
+@@ -349,7 +370,7 @@ const struct file_operations ecryptfs_ma
+ #ifdef CONFIG_COMPAT
+ .compat_ioctl = ecryptfs_compat_ioctl,
+ #endif
+- .mmap = generic_file_mmap,
++ .mmap = ecryptfs_file_mmap,
+ .open = ecryptfs_open,
+ .flush = ecryptfs_flush,
+ .release = ecryptfs_release,
--- /dev/null
+From b59db43ad4434519feb338eacb01d77eb50825c5 Mon Sep 17 00:00:00 2001
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Mon, 21 Nov 2011 17:31:02 -0600
+Subject: eCryptfs: Prevent file create race condition
+
+From: Tyler Hicks <tyhicks@canonical.com>
+
+commit b59db43ad4434519feb338eacb01d77eb50825c5 upstream.
+
+The file creation path prematurely called d_instantiate() and
+unlock_new_inode() before the eCryptfs inode info was fully
+allocated and initialized and before the eCryptfs metadata was written
+to the lower file.
+
+This could result in race conditions in subsequent file and inode
+operations leading to unexpected error conditions or a null pointer
+dereference while attempting to use the unallocated memory.
+
+https://launchpad.net/bugs/813146
+
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/crypto.c | 22 +++++++++--------
+ fs/ecryptfs/ecryptfs_kernel.h | 5 ++--
+ fs/ecryptfs/inode.c | 52 +++++++++++++++++++++++++-----------------
+ 3 files changed, 46 insertions(+), 33 deletions(-)
+
+--- a/fs/ecryptfs/crypto.c
++++ b/fs/ecryptfs/crypto.c
+@@ -967,7 +967,7 @@ static void ecryptfs_set_default_crypt_s
+
+ /**
+ * ecryptfs_new_file_context
+- * @ecryptfs_dentry: The eCryptfs dentry
++ * @ecryptfs_inode: The eCryptfs inode
+ *
+ * If the crypto context for the file has not yet been established,
+ * this is where we do that. Establishing a new crypto context
+@@ -984,13 +984,13 @@ static void ecryptfs_set_default_crypt_s
+ *
+ * Returns zero on success; non-zero otherwise
+ */
+-int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry)
++int ecryptfs_new_file_context(struct inode *ecryptfs_inode)
+ {
+ struct ecryptfs_crypt_stat *crypt_stat =
+- &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
++ &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
+ struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
+ &ecryptfs_superblock_to_private(
+- ecryptfs_dentry->d_sb)->mount_crypt_stat;
++ ecryptfs_inode->i_sb)->mount_crypt_stat;
+ int cipher_name_len;
+ int rc = 0;
+
+@@ -1299,12 +1299,12 @@ static int ecryptfs_write_headers_virt(c
+ }
+
+ static int
+-ecryptfs_write_metadata_to_contents(struct dentry *ecryptfs_dentry,
++ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode,
+ char *virt, size_t virt_len)
+ {
+ int rc;
+
+- rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, virt,
++ rc = ecryptfs_write_lower(ecryptfs_inode, virt,
+ 0, virt_len);
+ if (rc < 0)
+ printk(KERN_ERR "%s: Error attempting to write header "
+@@ -1338,7 +1338,8 @@ static unsigned long ecryptfs_get_zeroed
+
+ /**
+ * ecryptfs_write_metadata
+- * @ecryptfs_dentry: The eCryptfs dentry
++ * @ecryptfs_dentry: The eCryptfs dentry, which should be negative
++ * @ecryptfs_inode: The newly created eCryptfs inode
+ *
+ * Write the file headers out. This will likely involve a userspace
+ * callout, in which the session key is encrypted with one or more
+@@ -1348,10 +1349,11 @@ static unsigned long ecryptfs_get_zeroed
+ *
+ * Returns zero on success; non-zero on error
+ */
+-int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
++int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
++ struct inode *ecryptfs_inode)
+ {
+ struct ecryptfs_crypt_stat *crypt_stat =
+- &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
++ &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
+ unsigned int order;
+ char *virt;
+ size_t virt_len;
+@@ -1391,7 +1393,7 @@ int ecryptfs_write_metadata(struct dentr
+ rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, virt,
+ size);
+ else
+- rc = ecryptfs_write_metadata_to_contents(ecryptfs_dentry, virt,
++ rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt,
+ virt_len);
+ if (rc) {
+ printk(KERN_ERR "%s: Error writing metadata out to lower file; "
+--- a/fs/ecryptfs/ecryptfs_kernel.h
++++ b/fs/ecryptfs/ecryptfs_kernel.h
+@@ -584,9 +584,10 @@ int ecryptfs_init_crypt_ctx(struct ecryp
+ int ecryptfs_write_inode_size_to_metadata(struct inode *ecryptfs_inode);
+ int ecryptfs_encrypt_page(struct page *page);
+ int ecryptfs_decrypt_page(struct page *page);
+-int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry);
++int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
++ struct inode *ecryptfs_inode);
+ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry);
+-int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry);
++int ecryptfs_new_file_context(struct inode *ecryptfs_inode);
+ void ecryptfs_write_crypt_stat_flags(char *page_virt,
+ struct ecryptfs_crypt_stat *crypt_stat,
+ size_t *written);
+--- a/fs/ecryptfs/inode.c
++++ b/fs/ecryptfs/inode.c
+@@ -172,22 +172,23 @@ ecryptfs_create_underlying_file(struct i
+ * it. It will also update the eCryptfs directory inode to mimic the
+ * stat of the lower directory inode.
+ *
+- * Returns zero on success; non-zero on error condition
++ * Returns the new eCryptfs inode on success; an ERR_PTR on error condition
+ */
+-static int
++static struct inode *
+ ecryptfs_do_create(struct inode *directory_inode,
+ struct dentry *ecryptfs_dentry, int mode)
+ {
+ int rc;
+ struct dentry *lower_dentry;
+ struct dentry *lower_dir_dentry;
++ struct inode *inode;
+
+ lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
+ lower_dir_dentry = lock_parent(lower_dentry);
+ if (IS_ERR(lower_dir_dentry)) {
+ ecryptfs_printk(KERN_ERR, "Error locking directory of "
+ "dentry\n");
+- rc = PTR_ERR(lower_dir_dentry);
++ inode = ERR_CAST(lower_dir_dentry);
+ goto out;
+ }
+ rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode,
+@@ -195,20 +196,19 @@ ecryptfs_do_create(struct inode *directo
+ if (rc) {
+ printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
+ "rc = [%d]\n", __func__, rc);
++ inode = ERR_PTR(rc);
+ goto out_lock;
+ }
+- rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
+- directory_inode->i_sb);
+- if (rc) {
+- ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n");
++ inode = __ecryptfs_get_inode(lower_dentry->d_inode,
++ directory_inode->i_sb);
++ if (IS_ERR(inode))
+ goto out_lock;
+- }
+ fsstack_copy_attr_times(directory_inode, lower_dir_dentry->d_inode);
+ fsstack_copy_inode_size(directory_inode, lower_dir_dentry->d_inode);
+ out_lock:
+ unlock_dir(lower_dir_dentry);
+ out:
+- return rc;
++ return inode;
+ }
+
+ /**
+@@ -219,26 +219,26 @@ out:
+ *
+ * Returns zero on success
+ */
+-static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
++static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
++ struct inode *ecryptfs_inode)
+ {
+ struct ecryptfs_crypt_stat *crypt_stat =
+- &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
++ &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
+ int rc = 0;
+
+- if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
++ if (S_ISDIR(ecryptfs_inode->i_mode)) {
+ ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
+ crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
+ goto out;
+ }
+ ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
+- rc = ecryptfs_new_file_context(ecryptfs_dentry);
++ rc = ecryptfs_new_file_context(ecryptfs_inode);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error creating new file "
+ "context; rc = [%d]\n", rc);
+ goto out;
+ }
+- rc = ecryptfs_get_lower_file(ecryptfs_dentry,
+- ecryptfs_dentry->d_inode);
++ rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
+ if (rc) {
+ printk(KERN_ERR "%s: Error attempting to initialize "
+ "the lower file for the dentry with name "
+@@ -246,10 +246,10 @@ static int ecryptfs_initialize_file(stru
+ ecryptfs_dentry->d_name.name, rc);
+ goto out;
+ }
+- rc = ecryptfs_write_metadata(ecryptfs_dentry);
++ rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
+ if (rc)
+ printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
+- ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
++ ecryptfs_put_lower_file(ecryptfs_inode);
+ out:
+ return rc;
+ }
+@@ -269,18 +269,28 @@ static int
+ ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
+ int mode, struct nameidata *nd)
+ {
++ struct inode *ecryptfs_inode;
+ int rc;
+
+- /* ecryptfs_do_create() calls ecryptfs_interpose() */
+- rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode);
+- if (unlikely(rc)) {
++ ecryptfs_inode = ecryptfs_do_create(directory_inode, ecryptfs_dentry,
++ mode);
++ if (unlikely(IS_ERR(ecryptfs_inode))) {
+ ecryptfs_printk(KERN_WARNING, "Failed to create file in"
+ "lower filesystem\n");
++ rc = PTR_ERR(ecryptfs_inode);
+ goto out;
+ }
+ /* At this point, a file exists on "disk"; we need to make sure
+ * that this on disk file is prepared to be an ecryptfs file */
+- rc = ecryptfs_initialize_file(ecryptfs_dentry);
++ rc = ecryptfs_initialize_file(ecryptfs_dentry, ecryptfs_inode);
++ if (rc) {
++ drop_nlink(ecryptfs_inode);
++ unlock_new_inode(ecryptfs_inode);
++ iput(ecryptfs_inode);
++ goto out;
++ }
++ d_instantiate(ecryptfs_dentry, ecryptfs_inode);
++ unlock_new_inode(ecryptfs_inode);
+ out:
+ return rc;
+ }
--- /dev/null
+From cc6bcf7d2ec2234e7b41770185e4dc826390185e Mon Sep 17 00:00:00 2001
+From: "Jeffrey (Sheng-Hui) Chu" <jeffchu@broadcom.com>
+Date: Wed, 23 Nov 2011 11:33:07 +0100
+Subject: i2c-algo-bit: Generate correct i2c address sequence for 10-bit target
+
+From: "Jeffrey (Sheng-Hui) Chu" <jeffchu@broadcom.com>
+
+commit cc6bcf7d2ec2234e7b41770185e4dc826390185e upstream.
+
+The wrong bits were put on the wire, fix that.
+
+This fixes kernel bug #42562.
+
+Signed-off-by: Sheng-Hui J. Chu <jeffchu@broadcom.com>
+Signed-off-by: Jean Delvare <khali@linux-fr.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/i2c/algos/i2c-algo-bit.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/i2c/algos/i2c-algo-bit.c
++++ b/drivers/i2c/algos/i2c-algo-bit.c
+@@ -486,7 +486,7 @@ static int bit_doAddress(struct i2c_adap
+
+ if (flags & I2C_M_TEN) {
+ /* a ten bit address */
+- addr = 0xf0 | ((msg->addr >> 7) & 0x03);
++ addr = 0xf0 | ((msg->addr >> 7) & 0x06);
+ bit_dbg(2, &i2c_adap->dev, "addr0: %d\n", addr);
+ /* try extended address code...*/
+ ret = try_address(i2c_adap, addr, retries);
+@@ -496,7 +496,7 @@ static int bit_doAddress(struct i2c_adap
+ return -EREMOTEIO;
+ }
+ /* the remaining 8 bit address */
+- ret = i2c_outb(i2c_adap, msg->addr & 0x7f);
++ ret = i2c_outb(i2c_adap, msg->addr & 0xff);
+ if ((ret != 1) && !nak_ok) {
+ /* the chip did not ack / xmission error occurred */
+ dev_err(&i2c_adap->dev, "died at 2nd address code\n");
--- /dev/null
+From 4cac2eb158c6da0c761689345c6cc5df788a6292 Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas <bhelgaas@google.com>
+Date: Tue, 23 Aug 2011 10:16:43 -0600
+Subject: PCI hotplug: shpchp: don't blindly claim non-AMD 0x7450 device IDs
+
+From: Bjorn Helgaas <bhelgaas@google.com>
+
+commit 4cac2eb158c6da0c761689345c6cc5df788a6292 upstream.
+
+Previously we claimed device ID 0x7450, regardless of the vendor, which is
+clearly wrong. Now we'll claim that device ID only for AMD.
+
+I suspect this was just a typo in the original code, but it's possible this
+change will break shpchp on non-7450 AMD bridges. If so, we'll have to fix
+them as we find them.
+
+Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638863
+Reported-by: Ralf Jung <ralfjung-e@gmx.de>
+Cc: Joerg Roedel <joerg.roedel@amd.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/pci/hotplug/shpchp_core.c | 4 ++--
+ drivers/pci/hotplug/shpchp_hpc.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/pci/hotplug/shpchp_core.c
++++ b/drivers/pci/hotplug/shpchp_core.c
+@@ -278,8 +278,8 @@ static int get_adapter_status (struct ho
+
+ static int is_shpc_capable(struct pci_dev *dev)
+ {
+- if ((dev->vendor == PCI_VENDOR_ID_AMD) || (dev->device ==
+- PCI_DEVICE_ID_AMD_GOLAM_7450))
++ if (dev->vendor == PCI_VENDOR_ID_AMD &&
++ dev->device == PCI_DEVICE_ID_AMD_GOLAM_7450)
+ return 1;
+ if (!pci_find_capability(dev, PCI_CAP_ID_SHPC))
+ return 0;
+--- a/drivers/pci/hotplug/shpchp_hpc.c
++++ b/drivers/pci/hotplug/shpchp_hpc.c
+@@ -944,8 +944,8 @@ int shpc_init(struct controller *ctrl, s
+ ctrl->pci_dev = pdev; /* pci_dev of the P2P bridge */
+ ctrl_dbg(ctrl, "Hotplug Controller:\n");
+
+- if ((pdev->vendor == PCI_VENDOR_ID_AMD) || (pdev->device ==
+- PCI_DEVICE_ID_AMD_GOLAM_7450)) {
++ if (pdev->vendor == PCI_VENDOR_ID_AMD &&
++ pdev->device == PCI_DEVICE_ID_AMD_GOLAM_7450) {
+ /* amd shpc driver doesn't use Base Offset; assume 0 */
+ ctrl->mmio_base = pci_resource_start(pdev, 0);
+ ctrl->mmio_size = pci_resource_len(pdev, 0);
--- /dev/null
+ecryptfs-prevent-file-create-race-condition.patch
+ecryptfs-flush-file-in-vma-close.patch
+i2c-algo-bit-generate-correct-i2c-address-sequence-for-10-bit-target.patch
+ecryptfs-extend-array-bounds-for-all-filename-chars.patch
+crypto-mv_cesa-fix-hashing-of-chunks-1920-bytes.patch
+drm-integer-overflow-in-drm_mode_dirtyfb_ioctl.patch
+drm-radeon-kms-fix-up-gpio-i2c-mask-bits-for-r4xx-for-real.patch
+drm-i915-ivybridge-still-has-fences.patch
+drm-i915-turn-on-a-required-3d-clock-gating-bit-on-sandybridge.patch
+drm-i915-turn-on-another-required-clock-gating-bit-on-gen6.patch
+drm-i915-fix-inconsistent-backlight-level-during-disabled.patch
+pci-hotplug-shpchp-don-t-blindly-claim-non-amd-0x7450-device-ids.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
